DOCSLIB.ORG

Hp-Server-V1010002-Sec-Eng.Pdf

Hp-Server-V1010002-Sec-Eng.Pdf

Hewlett-Packard Enterprise Development, L.P. Server Automation Ultimate v10.10.002 Security Target Evaluation Assurance Level (EAL): EAL2+ Document Version: 1.9 Prepared for: Prepared by: Hewlett-Packard Enterprise Development, L.P. Corsec Security, Inc. 3000 Hanover Street 13921 Park Center Road, Suite 460 Palo Alto, CA 94304 Herndon, VA 20171 United States of America United States of America Phone: +1 305 267 4220 Phone: +1 703 267 6050 Email: [email protected] Email: [email protected] http://www.hpe.com http://www.corsec.com Security Target, Version 1.9 December 17, 2015 Table of Contents 1 INTRODUCTION ..................................................................................................................... 4 1.1 PURPOSE ............................................................................................................................................................. 4 1.2 SECURITY TARGET AND TOE REFERENCES .................................................................................................... 4 1.3 PRODUCT OVERVIEW ....................................................................................................................................... 5 1.4 TOE OVERVIEW ................................................................................................................................................ 6 1.4.1 TOE Environment .............................................................................................................................................. 8 1.5 TOE DESCRIPTION ........................................................................................................................................... 9 1.5.1 Physical Scope ..................................................................................................................................................... 9 1.5.2 Logical Scope ................................................................................................................................................... 11 1.5.3 Product Physical/Logical Features and Functionality not included in the TOE ............................... 13 2 CONFORMANCE CLAIMS .................................................................................................... 14 3 SECURITY PROBLEM ............................................................................................................ 15 3.1 THREATS TO SECURITY ................................................................................................................................... 15 3.2 ORGANIZATIONAL SECURITY POLICIES ........................................................................................................ 16 3.3 ASSUMPTIONS .................................................................................................................................................. 16 4 SECURITY OBJECTIVES ....................................................................................................... 17 4.1 SECURITY OBJECTIVES FOR THE TOE ............................................................................................................ 17 4.2 SECURITY OBJECTIVES FOR THE OPERATIONAL ENVIRONMENT ................................................................ 17 4.2.1 IT Security Objectives .................................................................................................................................... 17 4.2.2 Non-IT Security Objectives ........................................................................................................................... 18 5 EXTENDED COMPONENTS ................................................................................................ 19 5.1 EXTENDED TOE SECURITY FUNCTIONAL COMPONENTS .......................................................................... 19 5.1.1 Class FAU: Security Audit ............................................................................................................................. 19 5.2 EXTENDED TOE SECURITY ASSURANCE COMPONENTS ............................................................................ 21 6 SECURITY REQUIREMENTS ................................................................................................ 22 6.1 CONVENTIONS ................................................................................................................................................ 22 6.2 SECURITY FUNCTIONAL REQUIREMENTS ...................................................................................................... 22 6.2.1 Class FAU: Security Audit ............................................................................................................................. 24 6.2.2 Class FCS: Cryptographic Support .............................................................................................................. 25 6.2.3 Class FDP: User Data Protection ................................................................................................................ 28 6.2.4 Class FIA: Identification and Authentication ............................................................................................ 29 6.2.5 Class FMT: Security Management ............................................................................................................. 30 6.2.6 Class FPT: Protection of the TSF ................................................................................................................. 32 6.2.7 Class FTA: TOE Access .................................................................................................................................. 33 6.2.8 Class FTP: Trusted Path/Channels .............................................................................................................. 34 6.3 SECURITY ASSURANCE REQUIREMENTS ......................................................................................................... 35 7 TOE SECURITY SPECIFICATION ....................................................................................... 36 7.1 TOE SECURITY FUNCTIONALITY ................................................................................................................... 36 7.1.1 Security Audit ................................................................................................................................................... 37 7.1.2 Cryptographic Support .................................................................................................................................. 37 7.1.3 User Data Protection ..................................................................................................................................... 38 7.1.4 Identification and Authentication ................................................................................................................ 39 7.1.5 Security Management ................................................................................................................................... 39 7.1.6 Protection of the TSF ..................................................................................................................................... 41 7.1.7 TOE Access ....................................................................................................................................................... 41 7.1.8 Trusted Path/Channels .................................................................................................................................. 42 8 RATIONALE ............................................................................................................................ 43 8.1 CONFORMANCE CLAIMS RATIONALE ........................................................................................................... 43 8.2 SECURITY OBJECTIVES RATIONALE ................................................................................................................ 43 HP Server Automation Ultimate v10.10.002 Page 2 of 55 © 2015 Hewlett-Packard Enterprise Development, L.P. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Target, Version 1.9 December 17, 2015 8.2.1 Security Objectives Rationale Relating to Threats ................................................................................. 43 8.2.2 Security Objectives Rationale Relating to Policies .................................................................................. 45 8.2.3 Security Objectives Rationale Relating to Assumptions ........................................................................ 45 8.3 RATIONALE FOR EXTENDED SECURITY FUNCTIONAL REQUIREMENTS ..................................................... 47 8.4 RATIONALE FOR EXTENDED TOE SECURITY ASSURANCE REQUIREMENTS .............................................. 47 8.5 SECURITY REQUIREMENTS RATIONALE ......................................................................................................... 47 8.5.1 Rationale for Security Functional Requirements of the TOE Objectives .......................................... 47 8.5.2 Security Assurance Requirements Rationale ........................................................................................... 50 8.5.3 Dependency Rationale .................................................................................................................................. 50 9 ACRONYMS ............................................................................................................................ 53 Table of Figures

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    55 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us